687
edits
Changes
Created page with "== Prerequisites == You will need to generate a private key, and a certificate signing request. DOMAIN=xw.is openssl genrsa -rand -genkey -out $DOMAIN.key 2048 openssl re..."
== Prerequisites ==
You will need to generate a private key, and a certificate signing request.
DOMAIN=xw.is
openssl genrsa -rand -genkey -out $DOMAIN.key 2048
openssl req -new -key $DOMAIN.key -out $DOMAIN.csr
Send ''xw.is.csr'' to your certificate vendor and follow the instructions.
== Prepare certificates for use ==
Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for Comodo:
cat xw_is.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >../xw.is.crt
== Configure your web server ==
Use xw.is.key and xw.is.crt in your web server. For example for nginx add this to your server block:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 443;
server_name xw.is;
ssl on;
ssl_certificate /tank/nginx/tls/xw.is.crt;
ssl_certificate_key /tank/nginx/tls/xw.is.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/local/www/nginx;
index index.html index.htm;
}
}
}
You will need to generate a private key, and a certificate signing request.
DOMAIN=xw.is
openssl genrsa -rand -genkey -out $DOMAIN.key 2048
openssl req -new -key $DOMAIN.key -out $DOMAIN.csr
Send ''xw.is.csr'' to your certificate vendor and follow the instructions.
== Prepare certificates for use ==
Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for Comodo:
cat xw_is.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >../xw.is.crt
== Configure your web server ==
Use xw.is.key and xw.is.crt in your web server. For example for nginx add this to your server block:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 443;
server_name xw.is;
ssl on;
ssl_certificate /tank/nginx/tls/xw.is.crt;
ssl_certificate_key /tank/nginx/tls/xw.is.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/local/www/nginx;
index index.html index.htm;
}
}
}
